Am 06.06.2015 um 17:54 schrieb Felix Schumacher:
Hi George,
Am 03.06.2015 um 12:11 schrieb George:
Hello,
yes my server can do tls 1.2 perfectly and also with the above
(strong) cipher.I did some more tests where i modify step by step my
server configuration until it works and here are my results.
Test 1:My server allows ONLY tls 1.2 and ONLY the cipher
ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Test 2:My server allows ONLY tls 1.2 and ANY cipher
Test 3:My server allows tls 1.2 and tls 1.1 and ANY cipher
Test 4:My server allows tls 1.2 and tls 1.1 and tls 1.0 and ANY cipher
My jmeter.properties is set to do tls1.2 only - but the SSL
configuration is only for the http protocol and not for smtp(s).Thus
i think this does not care.I have java jre 1.8 latest plus the oracle
security "Unlimited Strength Java Cryptography Extension Policy
Files" pakage.
My jmeter test plan is very easy.
One thread one smtp sampler and one "view results in tree".The SMTP
Sampler target my mail server on port "465" and the checkbox "use
ssl" is enabled and the hook "Trust all certificates" is enabled
too.There is one Subject: hello and Email body: hello. Simple
Results:Test 1: Fail - no ssl handshakeTest 2: Fail - no ssl
handshakeTest 3: Fail - no ssl handshakeTest 4: Success: Perfectly
SSL Handshake. SSL Connection established using "TLSv1
ECDHE-ECDSA-AES256-SHA" (no client certificate checkup <- means no
mutual ssl)
OK thus it works.I can sent an email with jmeter SMTP sampler using
(direct) ssl on port 465 - but it only works if i activate tls1.0.
I do not found any jmeter configuration about "smtps".
I did some further tests wirh thunderbird 31.4 (on a linux).Here the
results.Test 1: Fails - no ssl connectionTest 2, 3 and 4: Success.
Looking on the thunderbird settings its strange but the cipher i want
to use is not available. Thus i can do tls1.2 but not with my
"strong" cipher.
Br.George
I have added a few println's in TrustAllSSLSocketFactory and found,
that I have to change the line where the sslcontext is created first
by calling SSLContext.getInstance("TLS").
When you change that occurence of TLS to TLSv1.2 you should get a
TLSv1.2 connection with a string cipher suite.
This default setting should probably be configurable as the used
cipher suites.
After a bit more research, the behaviour seems to be different between
java 7 and java 8. In my tests java 8 was able to do a TLSv1.2 connect
with getInstance("TLS"), while java 7 was not.
Can you double check, that you are using java 8?
Regards
Felix
Regards
Felix
Felix Schumacher <[email protected]> schrieb am
10:29 Montag, 1.Juni 2015:
Am 29.05.2015 um 13:16 schrieb George:
Hello,
i try to sent a "hello" email using SMTP Sampler and want to use
SSL/TLS on standard port 465 for this connection.More i want to use
TLSv1.2 with the very strong cipher
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"Currently the handshake fail.
Technially if i change the configuration on my server to also accept
TLSv1.1 and v1.0 then the SSL connection works and the email is sent
perfectly.I see in the logs that the client (jmeter) and my server
aggreed on a cipher comming from TLS1.0.Thus in general SSL is
working but not with TLSv1.2.
Anyone any idea how i can use SMTP(s) with TLSv1.2 and the above
cipher?I tried to put this in my jmeter.sh file but seems it does
not matter?
JMETER_OPTS="-Dhttps.cipherSuites=TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
The smtp sampler has no option to specify the wanted ciphersuites, so
the option given above will not be used.
I also installed lates java jdk and i also installed the additional
strong security pakage and replaced the .jar files in
/usr/java/jre.../lib/security
Which jdk did you install exactly?
Have you checked (with openssl or something similar), that your
mailserver is capable of TLSv1.2?
Regards
Felix
BrGeorge
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
